Security Analyst – Incident Response

Company: Extreme Networks
Location: North York, Toronto, ON, Canada
Salary: Not provided
Type: Full-Time
Degrees: not listed
Experience Level: Junior, Mid Level

Requirements

  • Continuously monitor the SIEM console, ServiceNow incident queues and SecOps dashboards for alerts, tickets, and issues.
  • Notify system owners and escalate security incidents per the incident response escalation procedures.
  • SIEM alert tuning and configuration.
  • Monitor device system performance, system resource utilization (disk space, indexed data) and health.
  • Add and configure new log and event sources in SecOps tools.
  • Fine-tuning and policy enhancement for the SIEM and other SecOps tools.
  • Responsible for troubleshooting SIEM and SOC (Security Operations Center) operational issues.
  • Assist in case of major outbreak or any critical incident related issue.
  • Perform deep-dive incident analysis as part of the incident response team by correlating data from various sources.
  • Respond to all reported security incidents.
  • Follow up with teams for incident closure.
  • Maintain incident records as per the guidelines.
  • Capture and protect the evidence related to an incident.
  • Review and interpret new IoC (indicator of compromise) threat reports for applicability.
  • Deep-dive investigations, including traffic and malware analysis.
  • Perform incident damage assessment.
  • Update stakeholders about security incidents progress.
  • Strong interpersonal communication skills.
  • Good verbal and written communication skills.
  • Ability to analyze problems and create solutions.
  • Maintain confidentiality of information.
  • Must be able to prioritize projects while maintaining a sense of urgency to meet deadlines.
  • Must possess the ability to follow verbal and written directions.
  • Must be a self-starter, able to work well both independently and in a team.
  • Must be able to use critical thinking skills and judgment.
  • Must be able to work positively and professionally with a wide range of personalities.
  • Must be able to accept constructive criticism.

Responsibilities

  • Monitoring and responding to security events and tickets.
  • Performing root cause analysis of issues, and investigating and updating threat feeds and alerts.
  • Management and operation of the SIEM (Security Information and Event Management) solution.
  • Support the wider information security and IT teams as appropriate on additional requests.
  • On-call work over a weekend on an agreed rotation.

Preferred Qualifications

  • Background or experience in security operations.
  • Experience performing searches in and tuning a SIEM product.
  • Experience with the Microsoft suite of security tools.
  • Experience using security incident response frameworks and the MITRE framework.